diff options
author | redmatrix <redmatrix@redmatrix.me> | 2015-12-06 14:24:18 -0800 |
---|---|---|
committer | redmatrix <redmatrix@redmatrix.me> | 2015-12-06 14:24:18 -0800 |
commit | 2393db39434d47a237fb01847213256d1396f8d1 (patch) | |
tree | 319ad78afc55beebf982adfe75ad389cbad782b5 | |
parent | a88ec1b1af954a447a666d3ff66b1d1df0a645db (diff) | |
parent | 10db51e6c2f16f13b55abc0a23513cac90a311a4 (diff) | |
download | volse-hubzilla-2393db39434d47a237fb01847213256d1396f8d1.tar.gz volse-hubzilla-2393db39434d47a237fb01847213256d1396f8d1.tar.bz2 volse-hubzilla-2393db39434d47a237fb01847213256d1396f8d1.zip |
Merge branch 'dev'
-rwxr-xr-x | include/plugin.php | 9 | ||||
-rw-r--r-- | include/zot.php | 16 |
2 files changed, 25 insertions, 0 deletions
diff --git a/include/plugin.php b/include/plugin.php index 1d4caac0f..1f4d60736 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -495,6 +495,15 @@ function format_css_if_exists($source) { return '<link rel="stylesheet" href="' . script_path() . '/' . $path . '" type="text/css" media="' . $source[1] . '">' . "\r\n"; } +/* + * This basically calculates the baseurl. We have other functions to do that, but + * there was an issue with script paths and mixed-content whose details are arcane + * and perhaps lost in the message archives. The short answer is that we're ignoring + * the URL which we are "supposed" to use, and generating script paths relative to + * the URL which we are currently using; in order to ensure they are found and aren't + * blocked due to mixed content issues. + */ + function script_path() { if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS']) $scheme = 'https'; diff --git a/include/zot.php b/include/zot.php index 6764072aa..d41d5e828 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1611,6 +1611,14 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $channel = $r[0]; $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); + /* blacklisted channels get a permission denied, no special message to tip them off */ + + if(! check_channelallowed($sender['hash'])) { + $DR->update('permission denied'); + $result[] = $DR->get(); + continue; + } + /** * @FIXME: Somehow we need to block normal message delivery from our clones, as the delivered * message doesn't have ACL information in it as the cloned copy does. That copy @@ -2082,6 +2090,14 @@ function process_mail_delivery($sender, $arr, $deliveries) { $channel = $r[0]; $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); + /* blacklisted channels get a permission denied, no special message to tip them off */ + + if(! check_channelallowed($sender['hash'])) { + $DR->update('permission denied'); + $result[] = $DR->get(); + continue; + } + if(! perm_is_allowed($channel['channel_id'],$sender['hash'],'post_mail')) { logger("permission denied for mail delivery {$channel['channel_id']}"); $DR->update('permission denied'); |